|
Rather than storing your Grid credentials on each machine you use to access the Grid, you can store them in a MyProxy repository and retrieve a proxy credential from the MyProxy repository when needed. To store a credential in the MyProxy repository, run the myproxy-init command on a computer where your Grid credentials are located. For example: $ myproxy-init -s myproxy.ncsa.uiuc.edu Your identity: /C=US/O=National Computational Science Alliance/CN=Jim Basney Enter GRID pass phrase for this identity: Creating proxy ........................................... Done Your proxy is valid until Fri Sep 13 13:52:56 2002 Enter MyProxy Pass Phrase: Verifying password - Enter MyProxy Pass Phrase: A proxy valid for 168 hours (7.0 days) for user jbasney now exists on myproxy.ncsa.uiuc.edu. The myproxy-init command prompts first for the pass phrase of your Grid credentials and then prompts twice for a new pass phrase to use to secure the credentials on the MyProxy server. By default, the credential is stored under your Unix username (jbasney in the example above) for 7 days and can be used to retrieve credentials with 12 hour lifetimes. The myproxy-init documentation lists all the available options for the myproxy-init command. You can set the lifetime of the credentials you store on the MyProxy server to longer (or shorter) than the default of one week using the myproxy-init -c option. To store a credential with the same lifetime as your current credential (for example, your long-lived credential from the CA), you can use the "-c 0" option to myproxy-init: $ myproxy-init -c 0 -s myproxy.ncsa.uiuc.edu Your identity: /C=US/O=National Center for Supercomputing Applications/CN=Jim Basney Enter GRID pass phrase for this identity: Creating proxy ............................... Done Proxy Verify OK Your proxy is valid until: Thu Oct 20 17:29:28 2005 Enter MyProxy pass phrase: Verifying - Enter MyProxy pass phrase: A proxy valid for 7278 hours (303.2 days) for user jbasney now exists on myproxy.ncsa.uiuc.edu. By default, myproxy-init will use your credentials in $HOME/.globus/usercert.pem and $HOME/.globus/userkey.pem. To upload credentials from a different location to the Myproxy server, set the X509_USER_KEY and X509_USER_CERT environment variables. For example, the following commands use X509_USER_KEY and X509_USER_CERT to upload an existing proxy credential: $ export X509_USER_CERT=`grid-proxy-info -path` $ export X509_USER_KEY=`grid-proxy-info -path` $ myproxy-init -c 0 -s myproxy.ncsa.uiuc.edu Your identity: /C=US/O=National Center for Supercomputing Applications/CN=Jim Basney/CN=793146486 Creating proxy .............................. Done Proxy Verify OK Your proxy is valid until: Wed Dec 22 03:55:42 2004 Enter MyProxy pass phrase: Verifying - Enter MyProxy pass phrase: A proxy valid for 17 hours (0.7 days) for user jbasney now exists on myproxy.ncsa.uiuc.edu. Once you've stored a credential in the MyProxy repository, you can retrieve a proxy credential whenever you need one with the myproxy-logon command. For example: $ myproxy-logon -s myproxy.ncsa.uiuc.edu Enter MyProxy Pass Phrase: A proxy has been received for user jbasney in /tmp/x509up_u500 The myproxy-logon command prompts for the pass phrase you set previously with myproxy-init, retrieves a proxy credential for you, and stores it in the correct default location for use with Globus. The myproxy-logon documentation lists all the available options for the myproxy-logon command.
Last modified
05/05/06. |